Cisco Cisco Email Security Appliance C160 Mode D'Emploi
9-37
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The
header
-
dictionary-match(<dictonary_name>, <header>)
rule works like the dictionary-match
rule above, except that it looks for matches in the header specified in <header>. The header name is case
insensitive, so, for example, “subject” and “Subject” both work.
insensitive, so, for example, “subject” and “Subject” both work.
The following filter sends the message to the Policy quarantine if the message’s “cc” header contains
any words found within the dictionary named “ex_employees.”
any words found within the dictionary named “ex_employees.”
You can use wild cards within the dictionary terms. You do not have to escape the period in email
addresses.
addresses.
SPF-Status Rule
When you receive SPF/SIDF verified mail, you may want to take different actions depending on the
results of the SPF/SIDF verification. The spf-status rule checks against different SPF verification results.
For more information, see
results of the SPF/SIDF verification. The spf-status rule checks against different SPF verification results.
For more information, see
.
You can check against the SPF/SIDF verification results using the following syntax:
If you want a single condition to check against multiple status verdicts, you can use the following syntax:
You can also check the verification results against the HELO, MAIL FROM, and PRA identities using
the following syntax:
the following syntax:
The following example shows the
spf-status
filter in use:
quarantine('Policy');
}
quarantine_codenames_attachment:
if (header-dictionary-match ('ex_employees', 'cc'))
{
quarantine('Policy');
}
if (spf-status == "Pass")
if (spf-status == "PermError, TempError")
if (spf-status("pra") == "Fail")
skip-spam-check-for-verified-senders:
if (sendergroup == "TRUSTED" and spf-status == "Pass"){
skip-spamcheck();